Puppet Plan: complyadm::install::from_2x::generate_config
- Defined in:
- plans/install/from_2x/generate_config.pp
Overview
Extracts config settings from the 2.x install and creates a hiera config file for the new 5.x install with them.
# File 'plans/install/from_2x/generate_config.pp', line 4
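# Reads database, identity and gatekeeper settings from the 2.x install with
# kubectl and passes them to the complyadm::generate_config plan.
#
# @param comply_2_target Target on which the kubectl commands are run.
# @param comply_3_target Passed to complyadm::generate_config as inventory_aio_target.
# @param hostname Passed to complyadm::generate_config as resolvable_hostname.
# @param runtime Passed through to complyadm::generate_config.
# @param install_runtime Passed through to complyadm::generate_config.
# @param assessor_version Accepted but not used below: the sub-plan is given
#   the literal 'latest'.
# @param kubernetes_conf Path exported as KUBECONFIG for every kubectl call.
# @param log_level Passed through to complyadm::generate_config.
plan complyadm::install::from_2x::generate_config(
  String $comply_2_target,
  String $comply_3_target,
  String $hostname,
  String $runtime,
  Boolean $install_runtime,
  String $assessor_version,
  String $kubernetes_conf = '/etc/kubernetes/admin.conf',
  String $log_level = 'info',
) {
  # Every command string below is a fixed literal; the only caller-supplied
  # value that reaches the target is the kubeconfig path, and it travels as an
  # environment variable rather than being interpolated into a command line.
  $kube_env = { 'KUBECONFIG' => $kubernetes_conf }

  # NOTE(review): the stdout of the three `kubectl get secret` calls and of the
  # gatekeeper `cat` holds credential material in plain variables until it is
  # wrapped in Sensitive() at the run_plan call. Confirm that verbose/debug
  # output of this plan is not retained anywhere it should not be.

  # Comply database secret; the values under .data are base64-encoded.
  $comply_db_creds = run_command('kubectl get secret comply-postgres -o jsonpath=\'{.data}\'', $comply_2_target, _env_vars => $kube_env)[0].value['stdout'].parsejson
  # $comply_db is decoded but not passed on by this plan.
  $comply_db = base64('decode', $comply_db_creds['POSTGRES_DB'])
  # TODO: Determine what we need to do with comply db username
  $comply_db_username = 'comply'
  # $comply_db_username = base64('decode', $comply_db_creds['POSTGRES_USER'])
  $comply_db_password = base64('decode', $comply_db_creds['POSTGRES_PASSWORD'])

  # Identity (auth) database secret.
  $identity_db_creds = run_command('kubectl get secret comply-auth-postgres -o jsonpath=\'{.data}\'', $comply_2_target, _env_vars => $kube_env)[0].value['stdout'].parsejson
  # $identity_db is decoded but not passed on by this plan.
  $identity_db = base64('decode', $identity_db_creds['POSTGRES_DB'])
  # TODO: Determine what we need to do with identity username
  $identity_db_username = 'keycloak'
  # $identity_db_username = base64('decode', $identity_db_creds['POSTGRES_USER'])
  $identity_db_password = base64('decode', $identity_db_creds['POSTGRES_PASSWORD'])

  # Identity admin account.
  $identity_secret = run_command('kubectl get secret comply-auth -o jsonpath=\'{.data}\'', $comply_2_target, _env_vars => $kube_env)[0].value['stdout'].parsejson
  $identity_admin_user = base64('decode', $identity_secret['admin-user'])
  $identity_admin_password = base64('decode', $identity_secret['admin-password'])

  # The pipe is evaluated by the shell on the target, so grep filters the
  # config file there and only lines containing "secret" come back.
  $client_cookie_secret = run_command(
    'kubectl exec service/comply-gatekeeper -- cat /etc/oauth2-proxy/oauth2-proxy.cfg | grep secret',
    $comply_2_target,
    _env_vars => $kube_env,
  )[0].value['stdout']

  # match() returns undef when the pattern is absent. Stop with a clear error
  # in that case instead of failing on the index, and keep the captured output
  # out of the message because it contains secrets.
  $client_secret_match = $client_cookie_secret.match(/client_secret=\"(.*)\"/)
  $cookie_secret_match = $client_cookie_secret.match(/cookie_secret=\"(.*)\"/)
  unless $client_secret_match and $cookie_secret_match {
    fail_plan('Could not find both client_secret and cookie_secret in /etc/oauth2-proxy/oauth2-proxy.cfg of service/comply-gatekeeper')
  }
  $client_secret = $client_secret_match[1]
  $cookie_secret = $cookie_secret_match[1]

  # The three values below are read but not passed on yet (see the TODO in the
  # run_plan arguments). Each command falls back to a default via `|| echo`.
  $assessor_update_check_interval = run_command(
    'kubectl exec service/comply-scarpy -- /bin/bash -c "printenv WS_PE_ASSESSOR_OUT_OF_DATE_POLLER_INTERVAL || echo 1h"',
    $comply_2_target,
    _env_vars => $kube_env,
  )[0].value['stdout']
  $data_retention_period = run_command(
    'kubectl exec service/comply-scarpy -- /bin/bash -c "printenv DATA_RETENTION_PERIOD || echo 0"',
    $comply_2_target,
    _env_vars => $kube_env,
  )[0].value['stdout']
  $fact_update_check_interval = run_command(
    'kubectl exec service/comply-scarpy -- /bin/bash -c "printenv WS_PE_UPDATE_FACTS_POLLER_INTERVAL || echo 24h"',
    $comply_2_target,
    _env_vars => $kube_env,
  )[0].value['stdout']

  run_plan('complyadm::generate_config', {
    # Secret values are wrapped in Sensitive before they leave this plan.
    client_secret           => Sensitive($client_secret),
    cookie_secret           => Sensitive($cookie_secret),
    comply_db_password      => Sensitive($comply_db_password),
    comply_db_username      => $comply_db_username,
    identity_db_password    => Sensitive($identity_db_password),
    identity_db_username    => $identity_db_username,
    identity_admin_user     => Sensitive($identity_admin_user),
    identity_admin_password => Sensitive($identity_admin_password),
    inventory_aio_target    => $comply_3_target,
    resolvable_hostname     => $hostname,
    runtime                 => $runtime,
    install_runtime         => $install_runtime,
    # NOTE(review): $assessor_version is a required parameter but the literal
    # 'latest' is sent instead. Confirm whether this is intentional.
    assessor_version        => 'latest',
    # TODO: Migrate the items below when config validation completed
    # assessor_update_check_interval => $assessor_update_check_interval,
    # data_retention_period => $data_retention_period,
    # fact_update_check_interval => $fact_update_check_interval,
    log_level               => $log_level,
  })
}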